Apple iOS feature could disable USB data access on locked iPhones
New tool could cause headaches for law enforcement
In what could be the latest cat-and-mouse development between Apple and the law enforcement community, Apple may be introducing a new feature that will disable lightning USB data access on locked iPhones in its upcoming iOS version.
Apple’s new feature, called USB Restricted Mode, will disable all data being sent over USB if the device isn’t unlocked for a period of seven days, likely creating headaches for law enforcement authorities trying to crack the iPhone. The feature was first discovered by Moscow-based software company Elcomsoft.
The USB Restricted Mode — if it will be in iOS 11.4, as predicted by Elcomsoft after looking at Apple documentation and developer betas — will be Apple’s strongest effort in safeguarding iPhone users’ privacy since its face-off with the FBI over unlocking
the iPhone of San Bernardino shooter Syed Rizwan Farook in 2015. After Apple and the FBI spent weeks exchanging heated words through statements and media interviews, the FBI found a third party that was able to crack Farook’s iPhone.
Three years later, companies such as Cellebrite and GreyKey provide the tools for local police and national security agents to
bypass iPhone encryption. GreyKey, for example, is able to crack iPhone passcodes for just $15,000.
But with the USB Restricted Mode, iPhones now have a set time limit for a third party to open the phone without the user’s passcode, Touch ID or the new FaceID facial recognition technology.
“Law enforcement will have at most 7 days from the time the device was last
unlocked to perform the extraction using any known forensic techniques, be it logical acquisition or passcode recovery via GreyKey or other services,” wrote Elcomsoft researcher Oleg Afonin in a blog post. “Even the 7 days are not a given, since the exact date and time the device was last unlocked may not be known.”